Ransomware Attack: REvil Demands $70 Million in Bitcoin after Striking 200 US Firms

  • REvil is demanding for $70 million worth of Bitcoin after attacking more than 200 US firms.
  • The recent attack is the latest as the hacking group has demanded more than $50 million after hacking several companies, including Apple.

Russia-based ransomware hacking group REvil is demanding $70 million worth of Bitcoin after launching an attack on a minimum of 200 companies in the US. John Hammond, the senior cybersecurity researcher at security firm Huntress Lab, confirmed that REvil seems to be behind the ransomware hack. 

Reports revealed that REvil was able to spread the ransomware by targeting a software supplier, Kaseya. Revil used Kaseya’s network-management package to complete the attack through the cloud.

REvil Launches Biggest Global Ransomware Attack

The latest hack by REvil appears to be the biggest global ransomware attack on records as it has affected the IT systems of more than 1 million companies. However, the ransomware group is willing to provide a decrypter for the infected machines for $70 million in Bitcoin. 

In a post titled, “KASEYA ATTACK INFO,” the dark website Happy Blog stated:

“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about a universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour.”

Some of the hack victims are schools in New Zealand. Some other victims include Swedish grocery stores, and two major Dutch IT firms- VelzArt and Hoppenbrouwer Techniek. The ransomware attack has caused Swedish grocery chain Coop to close all its 800 stores. 

Following the hack, the US Federal Bureau of Investigation (FBI) said that it had started investigating the matter. Also, the FBI said it is now working with Kaseya and the Cybersecurity and Infrastructure Security Agency (CISA) to reach out to victims of the ransomware attack. 

The Bureau added:

“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately.”

REvil Recent Hacks

The latest attack by REvil is not the first of its kind. REvil is known to attack its victims in a sophisticated manner and demand ransoms in exchange for decryptors. So far, the hacking group has requested up to $50 million from various companies, including American multinational technology company Apple. 

In May, the Russia-based hack group attacked Colonial Pipeline, forcing the company to pay a $5 million ransom in crypto. Shortly after the payment, the hacking group provided a decrypting tool to fix the disabled computer network. 

In the same month, the world’s largest meat processing company JBS also paid $11 million in Bitcoin as ransom to REvil. JBS paid the ransom to get back on track after the attack by REvil shut down its systems. The CEO of JBS USA, Andre Nogueira said that it was “very painful” to pay the hacking group. According to him, the company had to pay the ransom to avoid further attacks from REvil. 

News Source